Thank you for the suggestions again. I noticed that only www.springflingevent.ca redirects, springflingevent.ca didn't. I took a look at my DNS settings and noticed that my CNAME record for www had a typo in it :/. Now that it has been corrected, all seems to be working well.

Thank you for all your assistance troubleshooting and fixing these problems!

Jacob

I'm sorry I haven't replied to any of your posts yet. Thank you for the suggestions and help.

I just deleted all the files and uploaded a clean copy of the website. It kinda works right now. I can get to the site if I explicitly access a php file. http://springflingevent.ca/index.php works. http://springflingevent.ca/ does not work though. I have looked for .htaccess files and I can't see anything. I am running virtualmin, so the apache settings were not set by me, but I looked in the sites-enabled folder at the .conf file for the site and I didn't see any rewrite rules that looked like they wouldd be causing problems. And, as I said in one of my posts, the other sites from the server work fine. I am not using namespro as my web host nor do I have my domain registered with them. I believe the files I just uploaded are exactly the same ones I uploaded before all this trouble, when things were working.

Is there anything else I should try?

**EDIT** I had posted after this post that I found some files in the JS folder that were not supposed to be there (they had random filenames and were full of base64 encoded code). After deleting them the site seemed fixed. However within minutes it stopped working and again redirects to namespro.ca. I will take another look and make sure I am not missing something hiding in a folder, but for now, the redirect problem is still here.**EDIT**

Thank you,

Jacob

I have reuploaded the CMSB files. I still get redirected to namespro.ca frequently trying to get to the admin page. I usually by trying a few times with and without the admin.php part it will manage to continue. I am now getting an error about not being able to create a session. I get: 

Couldn't start session! 'session_start(): open(**FILE_PATH_HERE**, O_RDWR) failed: No such file or directory (2)'!

I'm not sure what to do to fix this error. 

One note about the redirect stuff too, I happens no matter what device I am on. All my computers as well as my phone do the redirect thing. Other sites running on the server work fine, and all my .htaccess files look ok too. I'm not sure what is causing that problem either.

I have checked that line in the errorlog_functions.php file and the value is already set to -1. I did some grep searches and found a bunch of infected files in my 3rdParty folder and lib folder. I removed and re-uploaded the folders. I tried opening my site and got a message about needing to install the program first before I could use the viewers. I tried going to the admin section of my site, and immediately got redirected to namespro.ca. Now, if I try to view my website, even just the main page not the admin section, I get redirected. This was initially my indication that there was something wrong with my site, but it seemed to eventually go away and give me the error_reporting message. I have checked my .htaccess files in the root directory and in the cmsb (I have it called something else) folders, and they look just fine to me.

Is there something that comes to mind that I should check for those symptoms?

Thank you for your help so far!

Jacob

Back in august, I suffered a massive breach on a bunch of websites, some CMS Builder and some Wordpress. I rebuilt my server from scratch and I believe it is much more secure now.

However, I found that one of my CMS Builder sites has been compromised again. It is located at http://springflingevent.ca.

There is code being added to core files, as well as randomly named php files appearing in many places. Only one of my three CMS Builder sites seems to be affected and I haven't noticed any problems from the other wordpress sites. I removed all the malicious code I could find in the infected site, and I looked through all the files. Now if I try to load my site I get an error message instead of my homepage that states:

errorlog_enable: error_reporting() must be set to -1, not 0!

I saw the error_reporting() variable set to 0 in the malicious code, but I have removed the code from the infected files. I also have checked the permissions on the folders and files, and I believe they are all correct (Folders are 755 and files are 644). I would love some help thinking of ways to figure out how the hacks are being carried out as well as how to resolve the errorlog error.

Please let me know what other info I can provide to better help explain the problem or find a solution.

Thank you,

Jacob

Thanks for the tips about the permissions.

I've hit another problem migrating another hacked cms site (I have 3 total :/). I have cleaned up the files, and moved them over to the new server. Trying to get to the admin login give me this error:

loadINI: syntax error, unexpected '(' in **PATHHIDDEN**/cmsAdmin/data/schema/about_header.ini.php on line 2

To be clear, **PATHHIDDEN** is not what the actual message says there.

The about_header.ini.php file looks like this:

<?php

 /* This is a PHP data file */ if (!@$LOADSTRUCT) { die("This is not a program file."); }

return array (

  'menuName' => 'About',

  'menuOrder' => '5',

  'menuType' => 'menugroup',

);

?>

What might be doing that?

Thanks,

Jacob

Thank you very much for the link and the note about where the schema files were. Moving them over has worked wonderfully! All the admin and section links are back, and they all work when clicked on. The public facing side of the site looks like it is supposed to too.

It looks like the site has been successfully restored now :)

One last question, should the files generally be set to 644 and folders to 755? I want to make sure that I get that part right for sure!

Thank you for your assistance!

Jacob

I'm trying to clean up my CMS Builder install on my web server after a hack. I am moving to a new web server too, as I believe the cause of the hack was partially due to improper permissions and poor setup of the old server (which I inherited). I have taken a backup of the database, both through phpmyadmin and the CMS built in backup. 

I have uploaded a fresh copy of the cms builder admin folder and uploaded my sanitized files from the rest of the old site. I also put the database backup taken using the cms into the data folder in the fresh admin folder. When I follow the install instructions and go to admin.php, I can enter all the required information, sql info and  then pick the database to restore. Upon clicking restore it goes to the login screen.

I am able to log in with my old credentials, and I can see the other users listed too, so it looks like the database restore worked. However none of the buttons down the left side that I am used to seeing appear. If I try to get to the main page I get an error stating: 

getRecords(homepage): Couldn't load schema for 'homepage’!

I'm not sure what is going on. Perhaps I have cleaned off too much code? I removed some lines that has open php tags, a bunch of random characters and then a close php tag. There were also some lines of php containing stripslashes commands at the top of several files that I removed. Oddly, there are references in my files to other CMS installs I have. A $dirsToCheck variable at the top of the index.php for this site points to a non-existent directory named after an existing CMS install, which seems odd.

Please let me know what other information I can provide to help find and answer,

Thank you!